Security Operations Center (SOC) Analyst
Work Location: India
- The SOC Analyst is responsible for performing a variety of real-time threat monitoring and analysis activities to enable delivery of complete Security Incident and Event Management services across a wide range of security services. This includes applying analytical, reasoning and specialized technical expertise to investigate, identify, correlate and escalate security incidents and network anomalies, and to carry out proactive and reactive reporting activities.
- The analyst will work closely with the Enterprise Log Management team to support the development and operation of the ELK platform.
- Reporting to the Security Operation Center (SOC) Manager, the analyst is expected to be an experienced Information Security professional with a high level of commitment and initiative, and a motivated self-starter with proven ability to get the job done. You should possess excellent communication skills and a strong IT network security background, and be able to use these skills to deliver services within the ITIL-driven Integrated Incident Management environment.
Technical Skills Required:
- Minimum of 5 years of experience in a SOC environment with focus on security incident analysis and response activities.
- Demonstrated experience with a SIEM product, preferably with ELK (Elasticsearch, Logstash and Kibana) stack solutions.
- Experience with scripting (Python, PowerShell or bash scripting).
- Significant experience performing analysis of logs from a variety of sources.
- IT security certifications such as GCIH, GCIA, GMON, CISSP, GCFA, GREM or OSCP will be considered an advantage.
- Good knowledge of DevOps concepts and of AWS and Azure fundamentals is a plus.
- Significant experience performing analysis of logs from a variety of sources (OS, endpoint solutions, databases, email security gateways, firewalls, WAFs, IPS, DAM, DLP, web servers, etc.).
- A bachelor’s degree in computer science, engineering or a technology-related field, or equivalent.
Key Responsibilities:
- The SOC Analyst’s main responsibilities are to deal with the security incidents detected by the security monitoring team and to lead in-depth analysis of these incidents in support of the Information Security & Compliance Strategy, Programs and Operations, such as:
- Conduct information security investigations into security incidents identified by the tier 1 security analysts who monitor the security consoles fed from the various SOC entry channels (SIEM, tickets, email and phone).
- Act as a point of escalation for tier 1 SOC security analysts in support of information security investigations, providing guidance, actions and oversight on incident resolution and containment techniques.
- Act as the lead coordinator for Majid Al Futtaim’s response to individual information security incidents.
- Design, create and maintain custom SIEM content (creation, evaluation and tuning of rules, reports, dashboards, etc.).
- Design, create and maintain custom tools that support incident handling and response activities.
- Stay up to date with emerging security threats, including applicable regulatory security requirements, to enhance the threat and technical intelligence of the company’s Cyber Defense services.
- Develop and improve the company’s knowledge base, incident handling procedures and playbooks, and work on reducing false positives.
- Apply ELK knowledge to implement and operate ELK (Elasticsearch, Logstash and Kibana) stack solutions.
- Support ELK integration with other enterprise IT systems such as SIEM, Active Directory, vulnerability management tools, Office 365, ERP systems, the AWS platform, the Azure platform, Windows, Linux, Solaris, Oracle DB, SQL DB, the big data platform and business applications.